One of the cool things that I saw last week at SMBNation in Las Vegas was a session by Dana Epp about Password Security. Dana as always kicks butt in his presentations and this one was no exception. One of the great tools that he talked about was a tool called Cain & Abel which did many things for us including revealing passwords already stored on a machine. I attempted to download and install this tool but Trend blocked it during the download – quite rightly too of course as this is a verified hacking tool
Ok – so once downloaded and installed, this tool has many many functions. One of them that I find very cool for managing new clients is the password reveal function where it can look at the local machine and reveal password that the machine has used for Wireless Networks, VPN connections, and a host of other options. The screen shot below you can see has listed the passwords for the wireless networks that my laptop has connected to. The red areas are where I’ve masked out the clear text display of the passwords for those wireless networks and the hex values for them. This is really just the start of what this tool can do. You will need to play with it even more to find out the hidden gems that are present in it.
You can download the tool from here – but be warned, many AV products will block it.
Mike says
Thank you Wayne, I was wondering what tool Dana was using. I was not at SMB Nation but saw all the rave reviews about him using this via twitter.
Thank you!
Mike Clemmons
Bytecafe Consulting
Dana Epp says
Cain & Abel was just one tool I used. I also used OphCrack, and the entire Elcomsoft series of cracking tools when I defeated zip passwords, word passwords, excel passwords and even an MD5 hash before moving to take out the domain creds stored in NTLM thanks to my rainbow tables. The last hack I used Metasploit to take out the Windows Server 2008 domain controller and use a payload insertion to elevate to admin and add a new user to domain admins to bypass the need to crack the admin Cred. Good times in Vegas. Sorry you couldn’t be there.
All this will be covered in upcoming episodes of Crack the Cred at http://www.crackthecred.tv. Subscribe and you’ll be notified as new episodes come available.
nut cracker and pecan sheller says
It’s actually a great and useful piece of information. I am satisfied that you simply shared this helpful
information with us. Please keep us up to date like this.
Thank you for sharing.
WiFi Hack says
I am regular visitor, how are you everybody?
This piece of writing posted at this website is actually nice.